
Diff for scripts/shell/firewall/fw-universal.sh between version 2.116 and 2.121

version 2.116, 2018/06/28 23:13:42 version 2.121, 2019/10/08 22:25:30
Line 22 
Line 22 
 # Licensed under terms of GNU General Public License.  # Licensed under terms of GNU General Public License.
 # All rights reserved.  # All rights reserved.
 #  #
 # $Platon: scripts/shell/firewall/fw-universal.sh,v 2.115 2018/06/28 22:46:00 nepto Exp $  # $Platon: scripts/shell/firewall/fw-universal.sh,v 2.120 2019/02/14 23:14:32 nepto Exp $
 #  #
 # Changelog:  # Changelog:
 # 2003-10-24 - created  # 2003-10-24 - created
Line 763  do_ban_single_ip()
Line 763  do_ban_single_ip()
                 return;                  return;
         fi          fi
         for banned_ip in $*; do          for banned_ip in $*; do
                 $IPTABLES -A INPUT -s $banned_ip -j DROP;                  # This does immediate connection termination, but it must be inserted
                 if [ "X$XEN_MODE" = "Xon" ]; then                  # and thus not appended into chain, otherwise connection will still
                         print_info -ne " XEN_MODE ";                  # remain alive. Former forward chain rule was removed as unneccessary.
                 else                  #   -- Nepto [2018-08-23]
                         $IPTABLES -A FORWARD -s $banned_ip -j DROP;                  #   -- Plantroon [2018-12-10]
                 fi                  $IPTABLES -I INPUT -s $banned_ip -j DROP;
         done          done
 } # }}}  } # }}}
   
Line 816  allow_accept_all()
Line 816  allow_accept_all()
         fi          fi
 } # }}}  } # }}}
   
   allow_accept_vrrp()
   { # {{{
           if [ ! -z "$IFACE_ACCEPT_VRRP" ]; then
                   print_info -en "Accepting VRRP packets on interfaces:"
                   for iface in $IFACE_ACCEPT_VRRP; do
                           print_info -en " $iface"
                           $IPTABLES -A INPUT  -i $iface -d 224.0.0.18/32 -p vrrp -j ACCEPT;
                           $IPTABLES -A OUTPUT -o $iface -d 224.0.0.18/32 -p vrrp -j ACCEPT;
                   done
                   print_info " done."
           fi
   } # }}}
   
 drop_input()  drop_input()
 { # {{{  { # {{{
         if [ ! -z "$NAT_LAN_IFACE" ]; then          if [ ! -z "$NAT_LAN_IFACE" ]; then
Line 1916  case "$1" in
Line 1929  case "$1" in
                 #                  #
                 # (un)commnet next lines as needed                  # (un)commnet next lines as needed
                 #                  #
                 bann_ip_adresses  
                 allow_accept_all                  allow_accept_all
                   allow_accept_vrrp
                 nmap_scan_filter                  nmap_scan_filter
                 invalid_packet_filter                  invalid_packet_filter
                 anti_spoof_filter                  anti_spoof_filter
Line 1944  case "$1" in
Line 1957  case "$1" in
                 shaping_on                  shaping_on
                 configure_special_rules                  configure_special_rules
                 custom_rules                  custom_rules
                   bann_ip_adresses
                 $IPTABLES_SAVE -c > $CACHE_FILE                  $IPTABLES_SAVE -c > $CACHE_FILE
                 ;;                  ;;
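Review bot: Dropping the FORWARD rule in do_ban_single_ip (the `-I INPUT` line in the Line 763 hunk) means a ban now covers only traffic addressed to the firewall host itself; packets from a banned source that are routed or port-forwarded to hosts behind it traverse FORWARD, not INPUT, and are no longer dropped by this function. The script handles NAT setups (`NAT_LAN_IFACE` is tested in drop_input), so unless forwarded traffic from banned addresses is filtered somewhere outside the visible hunks, the in-code comment calling the rule unnecessary looks wrong for gateway deployments. I would keep the old XEN_MODE guard and insert rather than append: `if [ "X$XEN_MODE" != "Xon" ]; then $IPTABLES -I FORWARD -s "$banned_ip" -j DROP; fi`. The function's opening lines are outside the hunk, so how the argument list is checked before the loop is not visible here.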
   
